CISA flags critical Microsoft SCCM flaw as exploited in attacks
CISA ordered U.S. government agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager vulnerability patched in October 2024 and now exploited…
Category: Bleeping Computer
Microsoft fixes bug that blocked Google Chrome from launching
Microsoft has fixed a known issue causing its Family Safety parental control service to block Windows users from launching Google Chrome and other web browsers.…
Russia tries to block WhatsApp, Telegram in communication blockade
The Russian government is trying to block WhatsApp in the country as its crackdown on communication platforms outside its control intensifies. WhatsApp announced the action…
Critical BeyondTrust RCE flaw now exploited in attacks, patch now
A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC…
Bitwarden introduces ‘Cupid Vault’ for secure password sharing
Bitwarden has launched a new system called ‘Cupid Vault’ that allows users to safely share passwords with trusted email addresses. Cupid Vault works by allowing users…
New Windows LNK spoofing issues aren’t vulnerabilities
Today, at Wild West Hackin’ Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LK shortcut files that allow attackers to deploy malicious payloads.…
Romania’s oil pipeline operator Conpet confirms data stolen in attack
Romania’s national oil pipeline operator, Conpet S.A., confirmed that the Qilin ransomware gang stole company data in an attack last week. In a press release…
Odido data breach exposes personal info of 6.2 million customers
Dutch telecommunications provider Odido is warning that it suffered a cyberattack that reportedly exposed the personal data of 6.2 million customers. Odido is one of…
WordPress plugin with 900k installs vulnerable to critical RCE flaw
A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution…
AMOS infostealer targets macOS through a popular AI app
Infostealers like Atomic MacOS Stealer (AMOS) represent far more than a standalone malware. They are foundational components of a mature cybercrime economy built around harvesting, trading,…
Fake AI Chrome extensions with 300K users steal credentials, emails
A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email…
Google says hackers are abusing Gemini AI for all attacks stages
State-backed hackers are using Google’s Gemini AI model to support all stages of an attack, from reconnaissance to post-compromise actions. Bad actors from China (APT31, Temp.HEX), Iran…